America can no longer rely on broad oceans and a strong
military  to  protect  its  homefront.  The  arrival  of  the 
information  age  has  created  a  new  menace — cyber-terrorism.  This 
threat  recognizes  no  boundaries,  requires  minimal  resources  to 
mount  an  attack,  and  leaves  no  human  footprint  at  ground  zero. 

This study addresses technology, identification procedures,
and legal ambiguity as major issues for countering cyber-terrorism
as an emerging challenge to U.S. national security. As
America's  reliance  on  computer  technology  increases,  so  does  its 
vulnerability to cyber attacks.

U.S. vulnerability to [cyber-terrorism is] the major
security challenge of this decade and possibly the next
century.

—  Joint  Security  Commission 

For  more  than  200  years,  America's  homeland  has  enjoyed 
protection  from  attacks  because  of  broad  surrounding  oceans  and  a 
strong  military  force.  However,  the  arrival  of  the  information 
age has dramatically changed America's defense posture: How can
we  protect  our  recently  developed  critical  information 
infrastructure?  According  to  the  Presidential  Commission  on 
Critical  Infrastructure  Protection,  "as  networked  computers 
expand  their  control  over  the  nation's  energy,  power,  water, 
finance,  communications,  and  emergency  systems,  the  possibility 
of  electronic  attack  and  catastrophic  terrorism  becomes 
increasingly possible."

Yearly,  commercial  businesses  and  government  organizations 
lose  valuable  data,  time,  and  money  because  computer  systems  are 
compromised.  Annually,  some  250,000  attempts  to  penetrate  U.S. 
Department  of  Defense  (DoD)  computer  systems  are  recorded. 
Sixty-five percent of these attempts are successful. For
example, in February 1998, as the U.S. was stepping up
deployments of troops and equipment to the Persian Gulf, 11 U.S.
military computer systems were compromised — seven Air Force
systems, four Navy systems. Those compromised contained
logistical, administrative, and pay records data. Such
intrusions potentially cause widespread confusion and disruption
of military operations. They certainly call into question the
integrity  of  security  for  our  DoD  computer  systems. 

Investigating  authorities  have  stated  that  recent  breaches  of 
military  computers  are  the  most  organized  and  systematic  attacks 
on U.S. defense networks to date. Sources of these attacks have
not been identified.

Other  compromises  of  national  critical  infrastructure 
network  components  include  an  October  1997  compromise  of  the 
Pacific & Electric Company's network, which caused widespread
power outages in San Francisco, California. Also, switchboards in
Florida were jammed intermittently for months in 1996, which
prompted a global hunt for the attacker by the Federal Bureau of
Investigation. Likewise, another high-profile hacker (a person
who attempts to penetrate security systems on remote computers as
a challenge) intrusion occurred during the summer of 1995, when
several military and university computer systems containing
important and sensitive information about satellites, radiation
and energy were compromised. These cases involve hacker
break-ins to computer systems, not cyber-terrorist attacks. However,
hackers  and  cyber-terrorists  differ  only  in  their  intentions: 
Hackers  may  be  only  criminally  destructive  adventurers,  whereas 
cyber-terrorists  are  advanced  enemies  of  a  nation  state. 

"The  information  age  promises  an  explosion  in  economic 
growth,  technological  innovation  and  educational  opportunities 
that could improve the standard of living and quality of life
around the world." However, an unintended consequence of
information  age  triumphs  is  the  creation  of  a  new  problem — 
cyber-terrorism.  Barry  Collins,  an  analyst  for  the  Institute  for 
Security  and  Intelligence,  coined  the  term  "cyber-terrorism"  a 
decade  ago.  He  identifies  cyber-terrorism  as  "the  intentional 
abuse  of  a  digital  information  system,  network,  or  component 
toward  an  end  that  supports  or  facilitates  a  terrorist  campaign 
or action." Current corporate and government practices to
computerize more and more tasks and processes play into the
hands of the cyber-terrorist.

Documented  evidence  indicates  several  terrorist 
organizations  have  incorporated  information  age  technology  into 
their  terroristic  strategies.  For  example,  the  Italian  Red 
Brigade's  manifesto  specifies  attacking  computer  systems  as  an 
objective  for  striking  a  state's  center  of  gravity.  Law 
enforcement  and  intelligence  officials  say  various  terrorist 
organizations  operating  in  the  U.S.  are  making  full  use  of 
technology  to  link  their  World  Wide  Web  sites,  to  solicit  funds, 
to  transfer  funds  to  anonymous  off-shore  bank  accounts,  and  to 
stage  attacks. 

John  Deutch,  then  Central  Intelligence  Agency  Director,  in 
testimony  before  Congress  in  June  of  1996,  warned  that  "the 
ability  to  launch  an  attack  on  the  U.S.  infrastructure  via 
computer-generated terrorism, the ultimate precision-guided
weapon, is already in the hands of terrorist organizations".
Indeed, "modem mayhem" is plausible.

This study addresses several issues that characterize
cyber-terrorism as an emerging challenge to U.S. national security.
The background establishes a frame of reference for understanding
cyber-terrorism. Secondly, the challenges are analyzed in terms
of major issues related to cyber-terrorism: technology,
identification procedures, and legal ambiguity. This study
concludes with recommendations for limiting vulnerabilities of
critical U.S. infrastructure computer networks to
cyber-terrorism.

BACKGROUND:  Evolution  in  Revolution 

I  am  a  computer  revolutionary.  If  a  revolutionary 
is  a  terrorist,  then  a  computer  revolutionary  is  a 
computer  terrorist  and  therefore,  I  am  a  computer  terrorist. 

—  Rop 

European  Hacker 

U.S.  national  security  experts  list  terrorism  as  one  of  the 
top  current  menaces.  However,  terrorists  have  recently 
implemented new strategies utilizing information age tools.
Given the minimal requirement of a personal computer, modem,
telephone connection, and a few well-placed key strokes to
orchestrate an attack on a nation's electronic infrastructure, a
new terrorist species has evolved, the cyber-terrorist. The
cyber-terrorist practices cyber-terrorism, a new breed of
terrorism. Just as nations have exploited technology in their
national interest, cyber-terrorists have also leveraged
technology in pursuit of exploiting the power of information
tools in their interests.

Historically, the form of terrorism dominant during the Cold
War was ideological terrorism, and could be categorized as either
Marxist or nationalist. For example, the Italian-based Marxist
Red Brigade, very active in the 1980s, seeks to create its own
revolutionary state through armed struggle and to separate Italy
from the Western Alliance. This group concentrated on
assassination and kidnapping of Italian government officials and
influential private sector leaders. However, Americans were
also targeted. U.S. Army Brigadier General James Dozier was
kidnapped in 1981 and Leamon Hunt, U.S. Chief of the Sinai
Multinational Force and Observer Group, was murdered in 1984 by
the Red Brigade to protest U.S. and NATO forces' presence in
Italy, as well as their foreign policies.

In the wake of the Cold War, ethno-religious and single-issue
terrorism was most prevalent. Ethno-religious terrorism
was  responsible  for  the  1993  World  Trade  Center  bombing  in  New 
York  City  by  militant  Islamic  radicals  who  view  the  U.S.  as  the 
"Great  Satan",  an  enemy  of  Islam  that  must  be  punished.  The  1995 
bombing  of  Oklahoma  City's  Alfred  P.  Murrah  Federal  Building  was 
an  example  of  single-issue  terrorism.  Prosecutors  contend  that 
the  conspirators  responsible  for  the  bombing  sought  retaliation 
for  the  federal  government's  1993  siege  of  and  attack  on  the 
Branch Davidian compound at Waco, Texas. Some terrorist experts,
supported by their research, contend that single-issue terrorism
has  the  potential  to  be  the  most  prevalent  terrorism  form  to 
occur  domestically. 

Some  of  the  organizations,  groups,  and  individuals  who  have 
shown  an  inclination  to  implement  single-issue  terrorism  include 
radical  environmentalists,  pro-life  movement  extremists,  animal 
rights extremists, separatist groups, millennium watchers,
cultists,  survivalists,  neo-fascists,  drug  and  other  criminal 
cartels,  as  well  as  disgruntled  employees.  Representatives  of 
all  these  groups  reside  and  are  active  in  the  U.S. 

Who  or  what  do  these  terrorist  groups  target?  The 
President's  Commission  on  Critical  Infrastructure  Protection  has 
identified  eight  critical  U.S.  infrastructures  at  risk: 
telecommunications;  transportation  (aviation,  shipping,  trucking 
and  rail  industries);  electrical  power  systems;  water  supply 
systems;  gas  and  oil  storage  and  transportation;  emergency 
services;  banking  and  finance;  and  continuity  of  government 
services.  Not  all  of  these  systems  are  networked,  but  all  are 
becoming  so.  Even  systems  in  a  "stand  alone"  mode  are  vulnerable 
to  several  kinds  of  attacks.  One  vulnerability  can  be  exploited 
through a modem and social engineering. The terrorist poses as a
new employee in need of assistance to access company computers in
order to acquire data on internal security, passwords, and system
configurations. Similarly, "Trusted Insiders" use their direct
access to destroy or manipulate the data or computer networks
from within. Sometimes they insert malicious code during
outside  service  calls,  contractor  network  upgrades,  or  through 
loading  unsolicited  software.  Even  software  received  anonymously 
in  the  mail  may  carry  out  such  insidious  disruption;  it  may 
indeed  be  innocently  introduced  to  a  targeted  system. 

What objectives can cyber-terrorists achieve through such
relatively easy intrusions? The cyber-terrorist has three
potential  objectives:  destruction,  alteration,  or  acquisition  and 
retransmission  of  data/commands.  Achievement  of  any  of  these 
objectives  could  have  a  potentially  devastating  impact  on  the 
intended  target. 

What  are  cyber-terrorists'  weapons?  Weapons  of  choice  are 
electronic  in  nature.  They  require  only  time  to  create  a  list  of 
instructions  for  the  computer  to  follow  and  a  few  key  strokes  to 
deliver  those  instructions.  Computer  viruses  are  the  oldest  and 
best-known software weapons. They invade computer systems and
reproduce  themselves,  destroying  data  and/or  hardware.  Most 
viruses  use  the  hitchhiker  approach  to  enter  a  computer  system. 
Like  biological  viruses,  the  computer  virus  is  silent  and 
invisible;  it  does  not  show  itself  until  the  targeted  system  is 
already  infected. 

Another  weapon  is  the  worm.  "Worms  are  breeder  programs, 
reproducing  themselves  endlessly  to  fill  up  memory  and  hard 
disks.  Worms  are  often  designed  to  send  themselves  throughout  a 
network, making their spread active and deliberate."

A third weapon is the logic bomb, which is difficult to
locate. The logic bomb is a set of destructive instructions that
detonate on a predetermined date. It may also detonate when a
specific  set  of  instructions  is  executed,  causing  damage  within 
the  computer  or  throughout  a  network. 

Bots  are  a  fourth  weapon  of  the  cyber-terrorist.  The  bot  is 
derived from robot; it is code designed to recon the Internet and
carry  out  designated  tasks.  For  instance,  it  may  retrieve  or 
destroy  specified  data.  The  SYN  attack  is  a  similar  bot  weapon. 
It  floods  a  host  server  and  causes  a  bottle-neck  or  traffic  jam. 
Server  access  slows  to  a  crawl  or  is  disabled. 

Finally,  extortion  can  be  used  just  as  effectively  as  one  of 
the  weapons  listed  above.  Recent  reports  indicate  that  banks 
have paid hackers upwards of six figures to prevent them from
using the banks' compromised security codes. Also, in the past
year, corporations have lost in excess of $800 million as a
result of computer break-ins.

The  above  list  of  cyber-terrorist  weapons  is  by  no  means 
exhaustive.  It  is  merely  a  representative  sampling  of  tools  in 
the  hands  of  John  Q.  Cyber-Terrorist.  A  radical  European 
computer  hacker  proclaimed,  "You  see,  computers  are  to  be  used  as 
a  tool  for  the  revolution.  It  is  up  to  us  to  stir  up  the  social 
system.  It's  not  working.  We  have  to  make  the  waves."  As 
America's  dependence  on  computers  continues  to  flourish,  John  Q. 
Cyber-Terrorist no doubt looks at the U.S. as a target-rich
environment. His new maxim may be, "So many new targets... so
little time".

CHALLENGES:  TECHNOLOGY 

In the future, factories will have only two employees,
a man and a dog. The man to feed the dog and the dog to keep
the man away from the computers.

—  Anonymous 

Technology enables cyber-terrorists to maintain anonymity.
"No airport checkpoints to pass through. No fingerprints left on
the steering wheels or bomb fragments. No human presence at
ground zero."[21]

Since  information  system  knowledge  doubles  every  twelve 
months  and  since  this  growth  continues  to  accelerate,  security 
procedures  cannot  keep  pace  with  technology  improvements.  By  the 
time  the  full  impact  or  significance  of  a  technological 
improvement  is  known,  new  advancements  are  already  on  the 
market. As technology becomes more cost effective,
cyber-terrorists become more technologically oriented in their tactics
and  strategies. 

Technology  has  linked  America's  critical  infrastructure 
systems  together  so  tightly  that  an  attack  on  any  link  could  very 
well  have  cascading  impacts,  eventually  affecting  several  or  all 
systems.  Unfortunately,  the  U.S.  is  the  leading,  worldwide 
consumer  of  digitization;  the  nation  has  become  enthralled  with 
the plethora of data available at the users' fingertips.
Americans expect their computers to work all the time, exactly
when they want them to. If such expectations are not fulfilled,
this  dependence  forces  a  virtual  productivity  shutdown. 

Sophisticated  cyber-terrorists  recognize  that  a  disruption 
of America's computer network will have cascading negative
impacts. Frequent disruptions will initiate the desired effects
of fear, panic, and a loss of confidence in the nation's
leadership to prevent future disruptions. Imagine the havoc
created if only a region of America's financial network was
successfully  attacked:  No  stock  or  credit  card  transactions, 
personal  and  corporate  banking  accounts  deleted,  and  automatic 
telemachines  being  rendered  inoperative.  No  doubt,  mass  hysteria 
would  result.  The  most  frightening  aspect  of  the  above  scenario 
is  that  the  tools  and  techniques  for  creating  such  havoc  are 
readily  available  today.  A  few  select  commands  to  key  power 
grids  could  cause  a  massive  power  outage  for  days,  possibly  for 
weeks — especially  if  the  main  computer,  as  well  as  the  backup 
software,  were  corrupted  as  a  result  of  a  cyber  attack. 

Technological  advances  in  hardware,  software,  and  the 
Internet  are  enabling  private  citizens,  businesses,  government, 
and  DoD  to  obtain  sensitive  data  for  legitimate  purposes.  But 
these  advancements  also  assist  cyber-terrorists  in  the  conduct  of 
illegitimate activities. A cyber-terrorist's primary tools are
the  personal  computer  (PC),  the  modem,  and  a  telecommunications 
line.  Approximately  every  twelve  months,  the  PC  is  enhanced  by 
increased processing speed, increased CD ROM speed, increased
data storage capacity, improved reliability, improved mobility,
and  greater  acceptance  because  of  lower  prices  and  ease  of 
operation. 

The  second  hardware  tool  is  the  modem.  It  is  also  enhanced 
on  an  ongoing  basis  to  increase  data  transmission  speed  and 
reliability. These enhancements likewise enable the
cyber-terrorist to transmit his destructive commands faster and more
accurately. 

The cyber-terrorist also has easy access to the
telecommunication line. Recent improvements have removed old wiring,
which  carried  only  one  call  per  strand.  It  has  been  replaced  by 
fiber  optic  cable,  which  can  carry  thousands  of  communication 
exchanges  on  one  line  smaller  than  a  human  hair.  The  fiber  optic 
cable  facilitates  telecommunications  transmission  of  video,  data, 
voice,  word,  and  images  which  can  be  transmitted  one  at  a  time  or 
simultaneously.  Fiber  optic  cable  also  easily  encrypts  data  for 
security purposes. Although legitimate users enjoy the many
advantages  of  fiber  optic  cable  use,  the  same  advantages  also 
enhance  the  cyber-terrorist's  capability  to  attack  and  disrupt 
systems.

With  one  or  more  of  these  accessible  tools  of  terror,  the 
cyber-terrorist  is  almost  ready  to  launch  an  attack.  All  he 
lacks  is  a  set  of  programming  instructions,  the  software.  Some 
of  the  hacker  software  programs  now  available  are  SATAN,  an 
infiltration program designed to automatically scan networks for
documented security holes; PC Track, a program that tracks
satellites  orbiting  the  earth;  and  Virus  Creation  Lab,  a 
combination  of  software  codes  that  may  be  mixed  and  matched  to 
create  malicious  virus  programs.  Using  this  software,  the 
cyber-terrorist, assisted by the PC, modem, and a
telecommunications line, can rapidly access, destroy, alter, copy, or
retransmit  selected  data. 

He  can  also  use  the  software  advancement  in  cryptography, 
which  is  the  science  of  code  making  and  code  breaking. 
Cryptography  is  no  longer  used  primarily  by  the  diplomatic  and 
military  establishments.  Law-abiding  private  citizens, 
businesses,  and  government  organizations  are  employing 
cryptography  software  to  share  information  securely.  Once  again, 
cyber-terrorists now utilize cryptography software to carry on
illegal activities such as encrypting their message traffic from
the prying eyes of law-enforcement agencies.

Last  but  not  least  is  the  cyber-terrorist's  ready  access  to 
the  Internet.  Some  technical  writers  have  proclaimed  the 
Internet  as  the  foundation  for  planetary  connection  and  the 
ultimate  pathway  to  democracy.  However,  like  many  powerful 
tools,  the  Internet  can  be  abused.  "The  Internet,  which  was 
created  in  1969  as  a  network  for  the  U.S.  Department  of  Defense, 
essentially  is  a  network  of  networks  (a  large  group  of  computers 
interlinked and capable of sharing information)." The
exponential growth of the Internet is based on its service to
commercial activities. Business uses of the Internet range from
internal and external communications to advertising and selling
products.[28]

Americans  are  increasingly  using  the  Internet,  both  for 
business,  and  for  recreational  and  educational  purposes.  The 
Internet  has  far  transcended  its  original  purpose  of  enabling 
scientists  to  share  information  and  resources  with  their 
colleagues  across  long  distances  and  to  provide  an  assured  means 
of  communicating  with  selected  governmental  proponents  in  the 
event of a nuclear war. Today it provides multiple points of
entry  into  computer  systems  connected  to  it.  As  the  Internet 
grows,  so  do  vulnerabilities,  because  computer  systems  linked 
through  the  Internet  are  less  and  less  physically  isolated  and 
controlled.  Instead,  connections  are  more  indiscriminate,  access 
is  less  monitored  and  controlled.  The  Internet  today  consists  of 
layers  of  systems  distributed  across  many  other  systems  which 
utilize network and application software too complex for a single
individual to understand completely.

In  summary,  technology  employed  by  cyber-terrorists  is 
readily  available  and  cost  effective.  Access  to  it  requires  no 
state  sponsorship.  Technology  provides  a  comfortable  degree  of 
anonymity  and  offers  a  multitude  of  points  of  entry  to  attack 
America's critical infrastructure systems remotely. Misuse of
technology will continue to place America's critical networks at
risk because of the constant improvements in technological
capabilities and the cyber-terrorist's ability to quickly and
relatively  easily  exploit  these  improvements. 

IDENTIFICATION 

Emerging technology has undoubtedly enhanced the
cyber-terrorist's weapons arsenal. To compound the problem of
countering  cyber-terrorists,  this  technology  has  also  diminished 
capabilities  to  identify  perpetrators.  As  hardware  (computers 
and  modems)  continues  to  shrink,  cyber-terrorists'  mobility 
increases.  As  the  hardware's  processing  speed  increases,  the 
cyber-terrorists'  on-line  time  to  issue  destructive  commands  or 
to  communicate  with  compatriots  likewise  decreases,  limiting 
defenders'  chances  of  "catching  them  red-handed".  As  hardware 
prices  fall,  cyber-terrorists  are  ensured  of  ready  access  to 
state-of-the-art  equipment.  And  as  software  enhancements  are 
implemented,  the  cyber-terrorist's  efficiency  likewise  increases. 
All  told,  computer  systems  security  managers  face  a  Herculean 
challenge  to  identify,  with  certainty,  the  cyber-terrorist. 

Another  technological  innovation  that  hampers  the 
identification  of  cyber-terrorists  is  the  anonymous  server.  It 
sends  message  traffic  through  several  electronic  remailers.  As 
the intruder's destructive signals traverse several anonymous
servers located in far-flung parts of the world, their true
origin is almost certainly masked.

Likewise, the identification of state-sponsored
cyber-terrorism is definitely not a cut-and-dried proposition. The
distinction between legitimate rational states and rogue states
is blurred. "If a government could choose between perpetrating
an attack through its own organs or contracting out, most would
take the latter option quite seriously." Why? Nations can
always  use  the  deniability  screen  provided  by  technology  to 
proclaim  their  innocence.  Even  if  the  perpetrators  are  caught, 
identifying  them  as  agents  of  a  particular  government  is  hardly 
guaranteed.  Cyber-terrorists  neither  wear  uniforms  nor  require 
special  equipment  available  through  sponsorship,  such  as  tanks, 
planes,  or  submarines  that  may  be  traced. 

Responding  to  a  cyber-terrorist  attack  is  a  risky  endeavor, 
especially if the attacker has not been positively identified.
An offensive response triggering a retaliatory strike requires
clear  and  positive  identity  of  the  attackers.  But  many  questions 
must  be  answered  prior  to  retaliation:  How  should  the  U.S. 
respond,  through  the  use  of  military  force,  diplomatic  channels, 
federal  law  enforcement,  or  a  combination  of  the  above?  What  are 
the  criteria  for  responding?  Depending  on  the  nature  and  extent 
of  the  attack,  should  the  response  be  through  an  alliance  with  a 
coalition  of  other  nations  or  as  a  unilateral  action?  If  such 
questions  are  not  addressed,  surely  the  situation  could  escalate 
beyond  cyberspace,  that  virtual  world  where  humans  and  computers 
co-exist,  to  a  full  scale  conventional  war. 

Last  but  certainly  not  least  in  the  identification  arena  is 
the owner-operators' inability to discern when a system is under
attack. Only five percent of all victims know their networks are
under attack. Of those who know of or suspect an attack, only
two percent report it. Unfortunately, owner-operators cannot
distinguish an accidental outage or maintenance problem from a
cyber-terrorist attack. The new breed of terrorists increasingly
choose to remain anonymous after they have attacked, instead of
identifying themselves as they have done in the past. The actual
attack thus becomes an end unto itself according to several
terrorism experts. Additionally, this lack of acknowledgement
increases anxiety, tension, and uncertainty regarding follow-on
attacks.

Given  the  low  probability  that  a  cyber-terrorist  will  be 
identified,  thoroughly  resourced  attacks  can  be  implemented  at 
the  time  and  place  of  the  attackers'  choosing.  The  President's 
Commission  on  Critical  Infrastructure  Protection  concluded  that 
cyber-terrorists  are  able  to  conceive,  plan,  and  implement  an 
attack  with  no  detectable  logistical  preparations.  "The  target 
can  be  invisibly  reconnoitered,  the  sequence  of  events 
clandestinely  rehearsed,  and  an  attack  launched  without  revealing 
the identity of the intruder."

AMBIGUITY


Criminals  [are]  moving  increasingly  into  cyberspace  and 
without  new  laws,  drug  dealers,  arms  dealers,  terrorists 
and  spies  will  have  immunity  like  no  other. 

—  Louis  Freeh 
FBI  Director 

In  an  era  of  global  markets  and  global  competition,  the 
technologies  to  create,  manipulate,  manage,  use,  and  protect 
critical  infrastructure  networks  are  of  strategic  importance  to 
the  U.S.  However,  the  global  information  age  challenges  U.S.  law 
and  necessitates  the  creation  of  consistent  multinational  legal 
standards.  How  can  the  national  security  establishment  better 
discern  what  is  a  politically  motivated  computer  crime  as  opposed 
to a teenage computer prank? Criminal law has applied the
so-called "rule of lenity" and imposed the burden of proof and
persuasion  on  the  prosecution.  Thus,  in  order  to  impose  criminal 
sanctions,  laws  protecting  the  informational  infrastructure  must 
clearly  and  unambiguously  define  which  activities  are  permitted 
and  which  are  proscribed. 

Further,  any  doubts  concerning  the  application  of  the  law 
should  be  resolved  in  favor  of  the  accused.  If  the  law  is  too 
ambiguous  to  be  assuredly  applied  or  if  it  fails  to  define  the 
nature  of  the  proscribed  conduct,  the  entire  statutory  scheme  may 
be struck down as "void for vagueness." The bottom line is
that currently the prosecutor has the burden of proving beyond a
reasonable doubt that the accused is guilty. Also,
computer-related offenses without eyewitness testimony and physical
evidence pose a major problem for law enforcement authorities.
All too frequently, they cannot gather sufficient evidence to
support  a  conviction  of  known  culprits. 

In  fact,  we  have  no  generally  accepted  definition  of  what 
constitutes  a  computer  crime,  wherein  terrorism  has  only  a  small 
part.  Although  the  term  "cyber-terrorism"  was  coined  a  decade 
ago, there is no indication that the State Department has adopted
a useful definition of the term. The State Department's
Anti-terrorism unit narrowly defines terrorism as only
politically-motivated physical attacks. Thus computer network attacks
generally do not conform to their definition of terrorism.
Ego-driven intrusions into a system to erase files or steal
information with the sole intent to blackmail are nothing more
than simple theft, fraud, or extortion. Such intrusions do not
constitute an attack on the government. However, Ambassador
Philip C. Wilcox, Jr., the State Department's coordinator for
counter-terrorism, did address cyber-terrorism in his remarks to
the 15th Annual Government/Industry Conference on Terrorism,
Political  Instability,  and  International  Crime  on  28  February 
1997  in  Washington,  D.C. 

Since  cyber-terrorism  respects  neither  national  borders  nor 
legal  constraints,  the  challenge  of  international  cooperation  and 
coordination  of  investigations,  coupled  with  diverse,  overlapping 
and  sometimes  contradictory  computer  crime  laws,  regulations  and 
criminal procedures, makes enforcement of criminal statutes even
more difficult. Understandably, sovereign nations are
reluctant  to  release  control  over  domestic  issues  or  to  allow 
foreign  governments  to  impose  laws  on  their  citizens. 

"It  is  commonplace  to  observe  that  states  participate  in 
international  arrangements  when  it  is  in  their  best  interest  to 
do  so,  or  when  those  arrangements  can  be  molded  to  conform  with 
states'  perceived  self-interests."^®  Governments  around  the 
world  must  acknowledge  that  their  individual  and  collective  self- 
interest  lies  in  compatible  legal  procedures,  workable 
international  standards,  and  global  cooperation. 

Computer criminals are becoming increasingly sophisticated
and knowledgeable. Some legal experts accordingly despair that
cyberlaws (rules and regulations regarding behavior in the
virtual computer world), like many other statutes, "become
obsolete as soon as they are passed with changes in behavior
outstripping changes in the law." Cyberlaw is currently only
graduating from kindergarten. Lamentably, there is little
consensus on how to proceed legislatively and judicially.

A convincing argument can be made that it is in America's
interest to take the lead in seeking global cooperation to
establish compatible legal procedures and international
standards. After all, America is the world's largest consumer of
automation, even though it has only five percent of the world's
population. The security of the nation's electronic
infrastructure is too important for America not to seek more
protective measures. Some defense and intelligence officials
warn that "as the United States becomes more dependent on
computerized information systems, and links between these
networks grow, so does the vulnerability to an electronic assault
that could paralyze the country."

DoD must assume a significant role in addressing
cyber-terrorist attacks. But this emerging role, like laws governing
computer crime, is currently ambiguous and uncertain. Of concern
in some quarters is DoD's lack of authority to provide guidance
on securing America's infrastructure networks, although the
transmission of the majority of DoD's unclassified data utilizes
public-switched networks. In view of DoD's broad mission to
maintain the leading edge in warfighting capability and its
current and historical role in the deployment and use of
computers and computer networks, it is reasonable to assume DoD
will be a key player during the formulation and implementation of
a strategy to address cyber-terrorism. DoD possesses unique
technical expertise, equipment, and experiences that are ideally
suited to confront threats to America's critical computer
networks.

Since cyber-terrorism knows no national boundaries and does
not have to present a passport at borders, it will continue to
flourish. Cyber-terrorists can ply their destructive trade far
from the scene of the attack. Cyber-terrorists can stay at home
and remotely perpetrate their misdeeds. Without cutting-edge
standardized laws and international cooperation, cyber-terrorists
remain mostly free to attack targets of their choice, when they
choose. Until DoD's role in combating cyber-terrorism is
defined, its potential assistance in defending critical
infrastructure networks is limited.

RECOMMENDATIONS 

We should attend to our critical foundations before the
storm arrives, not after: Waiting for disaster will prove as
expensive as it is irresponsible.

— President's Commission on Critical Infrastructure Protection

Cyber-terrorism is constantly evolving. Effectively
countering it requires adapting to a changing culture. Many
procedures are available to challenge cyber-terrorism; however,
network vulnerabilities cannot be eliminated through the use of
any single procedure. In fact, all the holes will never be
plugged because the challenge is dynamic and the cost of security
is very high indeed. Although the federal government's budget
for research and development of infrastructure protection is
$250M annually, recommendations have been made to quadruple this
figure over the next five years. The following recommendations
for public and private sector action are introduced as positive
steps in limiting the cyber threat to America's critical
infrastructure networks.

First, implement training programs in the public and private
sectors to alert and inform users and operators of network
vulnerabilities and procedures to reduce them. Prescribing a "PC
lite" diet to America would not be an effective action plan.
However, a widespread educational program to increase awareness
of the problem holds considerable promise.

Second, we should leverage technology to limit computer
network vulnerabilities. Such technologies as encryption,
clipper chip, and biometrics are front runners in this area.
Although the commercial sector does not endorse the clipper chip
due to potential law enforcement monitoring of commercial
dealings, such issues must be re-addressed so that necessary
compromises lead to effective actions. The clipper chip
encryption device should be designated as standard protection
against network security breaches in both the commercial and
government sectors. The degree of privacy that may be lost is
minuscule compared to the degree of havoc that can be wreaked
upon the nation's critical computer networks, to say nothing of
the second and third order effects to follow. The U.S. should
also take the lead in standardizing commercial encryption tools
used internationally.

Third, rewrite and continuously update legislation to ensure
it is unambiguous regarding what constitutes a computer crime.
Agreements must be implemented to clarify legal proceedings
within the U.S. and internationally. Laws, however, must be
expansive enough to deter unlawful activities, but narrow enough
to recognize the many legitimate uses of computers and computer
networks.

Finally, we should create a coalition between private and
public sector participants. Responsibility for the protection of
the nation's critical computer networks crosses public and
private sector boundaries. The coalition must clearly delineate
the roles and missions of combatants of cyber-terrorism. From a
military perspective, DoD's role in combating cyber-terrorism
must be clearly specified to take full advantage of the unique
skills and experiences that DoD possesses.


CONCLUSION 


Tomorrow's terrorists may be able to do more damage with a
keyboard than with a bomb.

— National Research Council


In the past, America's homefront has been protected by large
surrounding oceans and a strong military. However, the
importance of those oceans and of military force has been
decreased, thanks to wholesale acceptance of information age
innovations. America's national security is currently challenged
by a new menace, cyber-terrorism. Documented evidence, such as
the Italian Red Brigade's manifesto, reveals that cyber-terrorism
has been incorporated into some terrorists' campaign strategy.
Unfortunately, the tools to orchestrate a computer-generated
attack on critical U.S. infrastructure networks are readily
available today.

Cyber-terrorists have leveraged technology to exploit the
power of information age tools to the maximum extent possible.
They have demonstrated their capabilities to use advanced
technology, to travel and communicate undetected, and to
circumvent the letter and spirit of the law. Computer networks
that control the nation's critical infrastructure systems have
already been infiltrated on many occasions, at many different
sites.

Cyber-terrorism is dynamic. But its impact can be lessened
through vigilance, cooperation, and a clear delineation of roles
and missions for business, government, and DoD to combat cyber
attacks. Although a devastating computer network attack has not
yet occurred, known compromises of U.S. computer systems should
serve as a warning sign of impending danger. As Senator Richard
Lugar of Indiana observed, "People don't understand the enormity
of the national security threats out there; we need to be
vigilant. This is not a time to go to sleep at the switch."
Now is the time to establish procedures to address the emerging
challenge of modem mayhem to national security.